diff --git a/CHANGELOG.md b/CHANGELOG.md
index c1c6bb57d5..126b19e028 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.12] - 2026-03-26
+
+### Added
+
+- 🌐 **Translation updates.** Translations for Simplified Chinese, Catalan, Portuguese (Brazil), Finnish, and Lithuanian were enhanced and expanded.
+
+### Fixed
+
+- 🔒 **Terminal server connection security.** Terminal server verification and policy saving now proxy through the backend, preventing API key exposure and CORS errors when connecting to in-cluster services. [Commit](https://github.com/open-webui/open-webui/commit/a6413257079a52fa4487eda36543f3955d0fbd53), [Commit](https://github.com/open-webui/open-webui/commit/4567cdc0d9cb7b42b6eba7b676c0ced3f4850d31)
+- 🛠️ **Terminal tools exception handling.** Exceptions in middleware.py due to invalid return values from get_terminal_tools() have been resolved. [Commit](https://github.com/open-webui/open-webui/commit/52a06bd48aff34fb2211aac2879f0cd028129267)
+- 📦 **Missing beautifulsoup4 dependency.** Users can now start Open WebUI using uvx without encountering the "bs4 module missing" error. [Commit](https://github.com/open-webui/open-webui/commit/1994d65306bbcc7406584e1bfef82f5d353fc91c)
+- 🔌 **API files list error.** The /api/v1/files/ endpoint no longer returns a 500 error, fixing a regression that prevented file listing via the API. [Commit](https://github.com/open-webui/open-webui/commit/11f52921dc21c2dc61c03f12bcdf6f19140a350c)
+- 📜 **License data loading.** License data now loads correctly, displaying the expected color and logo in the interface. [Commit](https://github.com/open-webui/open-webui/commit/16335f866ea4cedf00c4971963622fcc1fe02d82)
+- 👑 **Admin model visibility.** Administrators can now see models even when no access control is configured yet, allowing them to manage all available models. [Commit](https://github.com/open-webui/open-webui/commit/f3f8f9874f55282603c2650b91801640cb3f69cb)
+- 📊 **Tool call embed visibility.** Rich UI embeds from tool calls (like visualizations) are now rendered outside collapsed groups and remain visible without requiring manual expansion. [Commit](https://github.com/open-webui/open-webui/commit/4c872a8d128757d4a6f311fb86bc382af2ba5d0d), [Commit](https://github.com/open-webui/open-webui/commit/308fa924a5b2b7e08cd1e8f15b9c8c96e1de8f02)
+
 ## [0.8.11] - 2026-03-25
 
 ### Added
diff --git a/CHANGELOG_EXTRA.md b/CHANGELOG_EXTRA.md
index adeb272bfc..42ba5d80fd 100644
--- a/CHANGELOG_EXTRA.md
+++ b/CHANGELOG_EXTRA.md
@@ -5,11 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.12.1] - 2026.03.27
+
+### Changed
+
+- 合并官方 [0.8.12](https://github.com/open-webui/open-webui/releases/tag/v0.8.12) 改动
+
 ## [0.8.11.1] - 2026.03.26
 
 ### Changed
 
-- 合并官方 0.8.11 改动
+- 合并官方 [0.8.11](https://github.com/open-webui/open-webui/releases/tag/v0.8.11) 改动
 
 ## [0.8.10.2] - 2026.03.18
 
@@ -21,43 +27,43 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.8.10 改动
+- 合并官方 [0.8.10](https://github.com/open-webui/open-webui/releases/tag/v0.8.10) 改动
 
 ## [0.8.9.1] - 2026.03.08
 
 ### Changed
 
-- 合并官方 0.8.9 改动
+- 合并官方 [0.8.9](https://github.com/open-webui/open-webui/releases/tag/v0.8.9) 改动
 
 ## [0.8.8.1] - 2026.03.03
 
 ### Changed
 
-- 合并官方 0.8.8 改动
+- 合并官方 [0.8.8](https://github.com/open-webui/open-webui/releases/tag/v0.8.8) 改动
 
 ## [0.8.7.1] - 2026.03.02
 
 ### Changed
 
-- 合并官方 0.8.7 改动
+- 合并官方 [0.8.7](https://github.com/open-webui/open-webui/releases/tag/v0.8.7) 改动
 
 ## [0.8.5.1] - 2026.02.24
 
 ### Changed
 
-- 合并官方 0.8.5 改动
+- 合并官方 [0.8.5](https://github.com/open-webui/open-webui/releases/tag/v0.8.5) 改动
 
 ## [0.8.3.1] - 2026.02.19
 
 ### Changed
 
-- 合并官方 0.8.3 改动
+- 合并官方 [0.8.3](https://github.com/open-webui/open-webui/releases/tag/v0.8.3) 改动
 
 ## [0.8.1.1] - 2026.02.14
 
 ### Changed
 
-- 合并官方 0.8.1 改动
+- 合并官方 [0.8.1](https://github.com/open-webui/open-webui/releases/tag/v0.8.1) 改动
 - 移除 Responses 接口
 
 ## [0.8.0.2] - 2026.02.13
@@ -70,7 +76,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.8.0 改动
+- 合并官方 [0.8.0](https://github.com/open-webui/open-webui/releases/tag/v0.8.0) 改动
 
 ## [0.7.2.5] - 2026.01.28
 
@@ -82,13 +88,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.7.2 改动
+- 合并官方 [0.7.2](https://github.com/open-webui/open-webui/releases/tag/v0.7.2) 改动
 
 ## [0.7.1.1] - 2026.01.10
 
 ### Changed
 
-- 合并官方 0.7.1 改动
+- 合并官方 [0.7.1](https://github.com/open-webui/open-webui/releases/tag/v0.7.1) 改动
 
 ## [0.6.43.2] - 2025.12.22
 
@@ -100,7 +106,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.43 改动
+- 合并官方 [0.6.43](https://github.com/open-webui/open-webui/releases/tag/v0.6.43) 改动
 
 ## [0.6.42.1] - 2025.12.21
 
@@ -114,7 +120,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - 对部分配置增加额外的校验和提示
 - 优化积分统计面板、积分日志、兑换码管理的加载性能
-- 合并官方 0.6.42 改动
+- 合并官方 [0.6.42](https://github.com/open-webui/open-webui/releases/tag/v0.6.42) 改动
 
 ### Fixed
 
@@ -125,7 +131,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.41 改动
+- 合并官方 [0.6.41](https://github.com/open-webui/open-webui/releases/tag/v0.6.41) 改动
 
 ## [0.6.40.2] - 2025.11.27
 
@@ -141,13 +147,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.40 改动
+- 合并官方 [0.6.40](https://github.com/open-webui/open-webui/releases/tag/v0.6.40) 改动
 
 ## [0.6.38.1] - 2025.11.24
 
 ### Changed
 
-- 合并官方 0.6.38 改动
+- 合并官方 [0.6.38](https://github.com/open-webui/open-webui/releases/tag/v0.6.38) 改动
 
 ## [0.6.37.1] - 2025.11.24
 
@@ -157,7 +163,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.37 改动
+- 合并官方 [0.6.37](https://github.com/open-webui/open-webui/releases/tag/v0.6.37) 改动
 
 ### Fixed
 
@@ -167,19 +173,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.36 改动
+- 合并官方 [0.6.36](https://github.com/open-webui/open-webui/releases/tag/v0.6.36) 改动
 
 ## [0.6.34.1] - 2025.10.17
 
 ### Changed
 
-- 合并官方 0.6.34 改动
+- 合并官方 [0.6.34](https://github.com/open-webui/open-webui/releases/tag/v0.6.34) 改动
 
 ## [0.6.33.1] - 2025.10.08
 
 ### Changed
 
-- 合并官方 0.6.33 改动
+- 合并官方 [0.6.33](https://github.com/open-webui/open-webui/releases/tag/v0.6.33) 改动
 
 ## [0.6.32.1] - 2025.09.29
 
@@ -189,7 +195,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.32 改动
+- 合并官方 [0.6.32](https://github.com/open-webui/open-webui/releases/tag/v0.6.32) 改动
 
 ## [0.6.31.1] - 2025.09.26
 
@@ -197,7 +203,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - 移除 Markdown 编辑器
 - 移除自定义代码块样式
-- 合并官方 0.6.31 改动
+- 合并官方 [0.6.31](https://github.com/open-webui/open-webui/releases/tag/v0.6.31) 改动
 
 ### Fixed
 
@@ -207,37 +213,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.30 改动
+- 合并官方 [0.6.30](https://github.com/open-webui/open-webui/releases/tag/v0.6.30) 改动
 
 ## [0.6.28.1] - 2025.09.11
 
 ### Changed
 
-- 合并官方 0.6.28 改动
+- 合并官方 [0.6.28](https://github.com/open-webui/open-webui/releases/tag/v0.6.28) 改动
 
 ## [0.6.27.1] - 2025.09.10
 
 ### Changed
 
-- 合并官方 0.6.27 改动
+- 合并官方 [0.6.27](https://github.com/open-webui/open-webui/releases/tag/v0.6.27) 改动
 
 ## [0.6.26.1] - 2025.08.28
 
 ### Changed
 
-- 合并官方 0.6.26 改动
+- 合并官方 [0.6.26](https://github.com/open-webui/open-webui/releases/tag/v0.6.26) 改动
 
 ## [0.6.25.1] - 2025.08.22
 
 ### Changed
 
-- 合并官方 0.6.25 改动
+- 合并官方 [0.6.25](https://github.com/open-webui/open-webui/releases/tag/v0.6.25) 改动
 
 ## [0.6.24.1] - 2025.08.22
 
 ### Changed
 
-- 合并官方 0.6.24 改动
+- 合并官方 [0.6.24](https://github.com/open-webui/open-webui/releases/tag/v0.6.24) 改动
 
 ## [0.6.23.1] - 2025.08.22
 
@@ -247,7 +253,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - 支持禁用自定义编辑器和代码块
 - 优化 DB 初始化流程
 - 移除不必要的对话日志加载逻辑
-- 合并官方 0.6.23 改动
+- 合并官方 [0.6.23](https://github.com/open-webui/open-webui/releases/tag/v0.6.23) 改动
 
 ### Fixed
 
@@ -263,13 +269,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.22 改动
+- 合并官方 [0.6.22](https://github.com/open-webui/open-webui/releases/tag/v0.6.22) 改动
 
 ## [0.6.21.1] - 2025.08.10
 
 ### Changed
 
-- 合并官方 0.6.21 改动
+- 合并官方 [0.6.21](https://github.com/open-webui/open-webui/releases/tag/v0.6.21) 改动
 
 ## [0.6.20.1] - 2025.08.10
 
@@ -282,7 +288,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - 移除积分统计面板的数字展示
-- 合并官方 0.6.20 改动
+- 合并官方 [0.6.20](https://github.com/open-webui/open-webui/releases/tag/v0.6.20) 改动
 
 ### Fixed
 
@@ -292,7 +298,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.18 改动
+- 合并官方 [0.6.18](https://github.com/open-webui/open-webui/releases/tag/v0.6.18) 改动
 
 ## [0.6.16.1] - 2025.07.15
 
@@ -303,13 +309,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - 移除英文/中文以外的语言支持
-- 合并官方 0.6.16 改动
+- 合并官方 [0.6.16](https://github.com/open-webui/open-webui/releases/tag/v0.6.16) 改动
 
 ## [0.6.15.1] - 2025.06.18
 
 ### Changed
 
-- 合并官方 0.6.15 改动
+- 合并官方 [0.6.15](https://github.com/open-webui/open-webui/releases/tag/v0.6.15) 改动
 
 ## [0.6.14.1] - 2025.06.11
 
@@ -323,7 +329,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - 修改积分统计的最大范围为最近 180 天
-- 合并官方 0.6.14 改动
+- 合并官方 [0.6.14](https://github.com/open-webui/open-webui/releases/tag/v0.6.14) 改动
 
 ## [0.6.13.1] - 2025.05.30
 
@@ -333,7 +339,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.13 改动
+- 合并官方 [0.6.13](https://github.com/open-webui/open-webui/releases/tag/v0.6.13) 改动
 
 ## [0.6.12.1] - 2025.05.29
 
@@ -343,14 +349,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.12 改动
+- 合并官方 [0.6.12](https://github.com/open-webui/open-webui/releases/tag/v0.6.12) 改动
 
 ## [0.6.11.1] - 2025.05.27
 
 ### Changed
 
 - 优化用量信息的交互
-- 合并官方 0.6.11 改动
+- 合并官方 [0.6.11](https://github.com/open-webui/open-webui/releases/tag/v0.6.11) 改动
 
 ### Fixed
 
@@ -368,7 +374,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - 积分日志搜索修改为搜索用户名
 - 移除自定义滚动条样式
 - 修改积分日志单页数量为 30
-- 合并官方 0.6.10 改动
+- 合并官方 [0.6.10](https://github.com/open-webui/open-webui/releases/tag/v0.6.10) 改动
 
 ## [0.6.9.1] - 2025.05.11
 
@@ -382,7 +388,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.9 改动
+- 合并官方 [0.6.9](https://github.com/open-webui/open-webui/releases/tag/v0.6.9) 改动
 
 ### Fixed
 
@@ -398,7 +404,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- 合并官方 0.6.7 改动
+- 合并官方 [0.6.7](https://github.com/open-webui/open-webui/releases/tag/v0.6.7) 改动
 
 ## [0.6.6.1] - 2025-05-05
 
diff --git a/backend/open_webui/models/files.py b/backend/open_webui/models/files.py
index 9a5b8fa400..7a9f77a3b0 100644
--- a/backend/open_webui/models/files.py
+++ b/backend/open_webui/models/files.py
@@ -87,7 +87,7 @@ class FileModelResponse(BaseModel):
 
     filename: str
     data: Optional[dict] = None
-    meta: FileMeta
+    meta: Optional[FileMeta] = None
 
     created_at: int  # timestamp in epoch
     updated_at: Optional[int] = None  # timestamp in epoch, optional for legacy files
@@ -246,7 +246,7 @@ def get_file_list(
             total = query.count()
 
             items = [
-                FileModel.model_validate(file)
+                FileModelResponse.model_validate(file, from_attributes=True)
                 for file in query.order_by(File.updated_at.desc(), File.id.desc()).offset(skip).limit(limit).all()
             ]
 
diff --git a/backend/open_webui/retrieval/utils.py b/backend/open_webui/retrieval/utils.py
index b6c46c1dad..7aa68bc602 100644
--- a/backend/open_webui/retrieval/utils.py
+++ b/backend/open_webui/retrieval/utils.py
@@ -29,6 +29,7 @@
 from open_webui.models.chats import Chats
 from open_webui.models.notes import Notes
 from open_webui.models.access_grants import AccessGrants
+from open_webui.utils.access_control.files import has_access_to_file
 
 from open_webui.retrieval.vector.main import GetResult
 from open_webui.utils.headers import include_user_info_headers
@@ -996,7 +997,11 @@ async def get_sources_from_items(
                     }
                 elif item.get('id'):
                     file_object = Files.get_file_by_id(item.get('id'))
-                    if file_object:
+                    if file_object and (
+                        user.role == 'admin'
+                        or file_object.user_id == user.id
+                        or has_access_to_file(item.get('id'), 'read', user)
+                    ):
                         query_result = {
                             'documents': [[file_object.data.get('content', '')]],
                             'metadatas': [
diff --git a/backend/open_webui/routers/configs.py b/backend/open_webui/routers/configs.py
index 6d09602c5c..82adf9da10 100644
--- a/backend/open_webui/routers/configs.py
+++ b/backend/open_webui/routers/configs.py
@@ -269,6 +269,92 @@ async def set_terminal_servers_config(
     }
 
 
+@router.post('/terminal_servers/verify')
+async def verify_terminal_server_connection(
+    request: Request, form_data: TerminalServerConnection, user=Depends(get_admin_user)
+):
+    """
+    Verify the connection to a terminal server by detecting its type.
+
+    Tries GET {url}/api/v1/policies (orchestrator) then GET {url}/api/config
+    (plain terminal).  Returns ``{status: true, type: "orchestrator"|"terminal"}``.
+    """
+    base_url = (form_data.url or '').rstrip('/')
+    if not base_url:
+        raise HTTPException(status_code=400, detail='Terminal server URL is required')
+
+    headers = {}
+    if form_data.auth_type == 'bearer' and form_data.key:
+        headers['Authorization'] = f'Bearer {form_data.key}'
+
+    try:
+        async with aiohttp.ClientSession(
+            trust_env=True,
+            timeout=aiohttp.ClientTimeout(total=AIOHTTP_CLIENT_TIMEOUT),
+        ) as session:
+            # Orchestrators expose a policies API; plain terminals don't.
+            try:
+                async with session.get(f'{base_url}/api/v1/policies', headers=headers) as resp:
+                    if resp.ok:
+                        return {'status': True, 'type': 'orchestrator'}
+            except Exception:
+                pass
+
+            # Fall back to open-terminal config endpoint.
+            try:
+                async with session.get(f'{base_url}/api/config', headers=headers) as resp:
+                    if resp.ok:
+                        return {'status': True, 'type': 'terminal'}
+            except Exception:
+                pass
+
+    except Exception as e:
+        log.debug(f'Failed to connect to the terminal server: {e}')
+
+    raise HTTPException(status_code=400, detail='Failed to connect to the terminal server')
+
+
+class TerminalServerPolicyForm(BaseModel):
+    url: str
+    key: Optional[str] = ''
+    auth_type: Optional[str] = 'bearer'
+    policy_id: str
+    policy_data: dict
+
+
+@router.post('/terminal_servers/policy')
+async def put_terminal_server_policy(
+    request: Request, form_data: TerminalServerPolicyForm, user=Depends(get_admin_user)
+):
+    """
+    Proxy a policy PUT to an orchestrator terminal server.
+    """
+    base_url = (form_data.url or '').rstrip('/')
+    if not base_url:
+        raise HTTPException(status_code=400, detail='Terminal server URL is required')
+
+    headers = {'Content-Type': 'application/json'}
+    if form_data.auth_type == 'bearer' and form_data.key:
+        headers['Authorization'] = f'Bearer {form_data.key}'
+
+    try:
+        async with aiohttp.ClientSession(
+            trust_env=True,
+            timeout=aiohttp.ClientTimeout(total=AIOHTTP_CLIENT_TIMEOUT),
+        ) as session:
+            policy_url = f'{base_url}/api/v1/policies/{form_data.policy_id}'
+            async with session.put(policy_url, headers=headers, json=form_data.policy_data) as resp:
+                if resp.ok:
+                    return await resp.json()
+                detail = await resp.text()
+                raise HTTPException(status_code=resp.status, detail=detail)
+    except HTTPException:
+        raise
+    except Exception as e:
+        log.debug(f'Failed to save policy to terminal server: {e}')
+        raise HTTPException(status_code=400, detail='Failed to save policy to terminal server')
+
+
 @router.post('/tool_servers/verify')
 async def verify_tool_servers_config(request: Request, form_data: ToolServerConnection, user=Depends(get_admin_user)):
     """
diff --git a/backend/open_webui/routers/utils.py b/backend/open_webui/routers/utils.py
index 7ea4150021..c79d8fe5d8 100644
--- a/backend/open_webui/routers/utils.py
+++ b/backend/open_webui/routers/utils.py
@@ -42,6 +42,12 @@ async def format_code(form_data: CodeForm, user=Depends(get_admin_user)):
 
 @router.post('/code/execute')
 async def execute_code(request: Request, form_data: CodeForm, user=Depends(get_verified_user)):
+    if not request.app.state.config.ENABLE_CODE_EXECUTION:
+        raise HTTPException(
+            status_code=403,
+            detail='Code execution is disabled',
+        )
+
     if request.app.state.config.CODE_EXECUTION_ENGINE == 'jupyter':
         output = await execute_code_jupyter(
             request.app.state.config.CODE_EXECUTION_JUPYTER_URL,
diff --git a/backend/open_webui/utils/middleware.py b/backend/open_webui/utils/middleware.py
index d98d6901cc..b64febd673 100644
--- a/backend/open_webui/utils/middleware.py
+++ b/backend/open_webui/utils/middleware.py
@@ -2607,12 +2607,17 @@ async def tool_function(**kwargs):
         # so system terminals work even when no other tools are selected)
         if terminal_id:
             try:
-                terminal_tools, system_prompt = await get_terminal_tools(
+                terminal_result = await get_terminal_tools(
                     request,
                     terminal_id,
                     user,
                     extra_params,
                 )
+                if isinstance(terminal_result, tuple):
+                    terminal_tools, system_prompt = terminal_result
+                else:
+                    terminal_tools = terminal_result
+                    system_prompt = None
                 if terminal_tools:
                     tools_dict = {**tools_dict, **terminal_tools}
                 if system_prompt:
diff --git a/backend/open_webui/utils/models.py b/backend/open_webui/utils/models.py
index 60ef87e5f5..b57c74744c 100644
--- a/backend/open_webui/utils/models.py
+++ b/backend/open_webui/utils/models.py
@@ -452,6 +452,10 @@ def get_filtered_models(models, user, db=None):
                     or model['id'] in accessible_model_ids
                 ):
                     filtered_models.append(model)
+            elif user.role == 'admin':
+                # No DB entry means no access control configured yet;
+                # only admins can see unconfigured models.
+                filtered_models.append(model)
 
         return filtered_models
     else:
diff --git a/backend/open_webui/utils/tools.py b/backend/open_webui/utils/tools.py
index 210ff24085..226830a1fa 100644
--- a/backend/open_webui/utils/tools.py
+++ b/backend/open_webui/utils/tools.py
@@ -956,7 +956,7 @@ async def get_terminal_tools(
     terminal_id: str,
     user: UserModel,
     extra_params: dict,
-) -> tuple[dict[str, dict], Optional[str]]:
+) -> dict[str, dict] | tuple[dict[str, dict], Optional[str]]:
     """Resolve tools for a terminal server identified by terminal_id.
 
     - Finds the connection in TERMINAL_SERVER_CONNECTIONS
diff --git a/package-lock.json b/package-lock.json
index e876da5288..5e66c6b3dc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 	"name": "open-webui",
-	"version": "0.8.11.1",
+	"version": "0.8.12.1",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "open-webui",
-			"version": "0.8.11.1",
+			"version": "0.8.12.1",
 			"dependencies": {
 				"@azure/msal-browser": "^4.5.0",
 				"@codemirror/lang-javascript": "^6.2.2",
diff --git a/package.json b/package.json
index e0d8bf97f6..29b7852279 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "open-webui",
-	"version": "0.8.11.1",
+	"version": "0.8.12.1",
 	"private": true,
 	"scripts": {
 		"dev": "npm run pyodide:fetch && vite dev --host",
diff --git a/pyproject.toml b/pyproject.toml
index 7883a459e5..7a546e935f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -80,6 +80,7 @@ dependencies = [
     "msoffcrypto-tool==6.0.0",
     "nltk==3.9.3",
     "Markdown==3.10.2",
+    "beautifulsoup4==4.14.3",
     "pypandoc==1.16.2",
     "pandas==3.0.1",
     "openpyxl==3.1.5",
diff --git a/src/lib/apis/configs/index.ts b/src/lib/apis/configs/index.ts
index be6cf0f626..60a2cfc613 100644
--- a/src/lib/apis/configs/index.ts
+++ b/src/lib/apis/configs/index.ts
@@ -268,9 +268,10 @@ export const detectTerminalServerType = async (
 
 /**
  * Create or update a policy on the orchestrator.
- * PUT {url}/api/v1/policies/{policyId}
+ * Proxied through the Open WebUI backend to keep API keys server-side.
  */
 export const putOrchestratorPolicy = async (
+	token: string,
 	url: string,
 	key: string,
 	policyId: string,
@@ -278,18 +279,52 @@ export const putOrchestratorPolicy = async (
 ): Promise<object | null> => {
 	let error = null;
 
-	const baseUrl = url.replace(/\/$/, '');
-	const headers: Record<string, string> = {
-		'Content-Type': 'application/json'
-	};
-	if (key) {
-		headers['Authorization'] = `Bearer ${key}`;
+	const res = await fetch(`${WEBUI_API_BASE_URL}/configs/terminal_servers/policy`, {
+		method: 'POST',
+		headers: {
+			'Content-Type': 'application/json',
+			Authorization: `Bearer ${token}`
+		},
+		body: JSON.stringify({
+			url: url.replace(/\/$/, ''),
+			key,
+			policy_id: policyId,
+			policy_data: policyData
+		})
+	})
+		.then(async (res) => {
+			if (!res.ok) throw await res.json();
+			return res.json();
+		})
+		.catch((err) => {
+			console.error(err);
+			error = err.detail;
+			return null;
+		});
+
+	if (error) {
+		throw error;
 	}
 
-	const res = await fetch(`${baseUrl}/api/v1/policies/${encodeURIComponent(policyId)}`, {
-		method: 'PUT',
-		headers,
-		body: JSON.stringify(policyData)
+	return res;
+};
+
+/**
+ * Verify a terminal server connection via the backend proxy.
+ * Used for system/admin connections to avoid CORS issues and API key exposure.
+ */
+export const verifyTerminalServerConnection = async (token: string, connection: object) => {
+	let error = null;
+
+	const res = await fetch(`${WEBUI_API_BASE_URL}/configs/terminal_servers/verify`, {
+		method: 'POST',
+		headers: {
+			'Content-Type': 'application/json',
+			Authorization: `Bearer ${token}`
+		},
+		body: JSON.stringify({
+			...connection
+		})
 	})
 		.then(async (res) => {
 			if (!res.ok) throw await res.json();
diff --git a/src/lib/components/AddTerminalServerModal.svelte b/src/lib/components/AddTerminalServerModal.svelte
index b70a8b8233..e7c0236eb6 100644
--- a/src/lib/components/AddTerminalServerModal.svelte
+++ b/src/lib/components/AddTerminalServerModal.svelte
@@ -12,12 +12,16 @@
 	import LockClosed from '$lib/components/icons/LockClosed.svelte';
 	import Tooltip from '$lib/components/common/Tooltip.svelte';
 	import ConfirmDialog from '$lib/components/common/ConfirmDialog.svelte';
-	import { detectTerminalServerType, putOrchestratorPolicy } from '$lib/apis/configs';
+	import {
+		detectTerminalServerType,
+		verifyTerminalServerConnection,
+		putOrchestratorPolicy
+	} from '$lib/apis/configs';
 	import { getTerminalConfig } from '$lib/apis/terminal';
 
 	export let show = false;
 	export let edit = false;
-	export let admin = false;
+	export let direct = false;
 	export let connection = null;
 
 	export let onSubmit: Function = () => {};
@@ -110,9 +114,14 @@
 
 		verifying = true;
 		try {
-			if (admin) {
-				// Admin: detect orchestrator vs terminal
-				const type = await detectTerminalServerType(_url, key);
+			if (!direct) {
+				// System connection: proxy through backend to avoid CORS / key exposure
+				const result = await verifyTerminalServerConnection(localStorage.token, {
+					url: _url,
+					key,
+					auth_type
+				});
+				const type = result?.type ?? null;
 
 				if (type) {
 					serverType = type;
@@ -137,7 +146,7 @@
 					toast.error($i18n.t('Server connection failed'));
 				}
 			} else {
-				// Non-admin: simple terminal verification
+				// Direct connection: verify from browser
 				const res = await getTerminalConfig(_url, key);
 				if (res) {
 					toast.success($i18n.t('Server connection verified'));
@@ -192,9 +201,9 @@
 		url = url.replace(/\/$/, '');
 
 		// Save policy to orchestrator if applicable
-		if (serverType === 'orchestrator' && admin && policyId) {
+		if (serverType === 'orchestrator' && !direct && policyId) {
 			try {
-				await putOrchestratorPolicy(url, key, policyId, buildPolicyData());
+				await putOrchestratorPolicy(localStorage.token, url, key, policyId, buildPolicyData());
 			} catch (err) {
 				toast.error($i18n.t('Failed to save policy: {{error}}', { error: err }));
 				return;
@@ -202,7 +211,7 @@
 		}
 
 		const result = {
-			...(admin && id.trim() ? { id: id.trim() } : {}),
+			...(!direct && id.trim() ? { id: id.trim() } : {}),
 			url,
 			key,
 			name,
@@ -210,7 +219,7 @@
 			auth_type,
 			enabled: enabled,
 			config: {
-				...(admin ? { access_grants: accessGrants } : {})
+				...(!direct ? { access_grants: accessGrants } : {})
 			},
 			// Policy fields
 			...(serverType ? { server_type: serverType } : {}),
@@ -270,7 +279,7 @@
 									/>
 								</div>
 							</div>
-							{#if admin}
+							{#if !direct}
 								<div class="flex flex-col flex-1">
 									<div class="flex justify-between mb-0.5">
 										<label
@@ -368,7 +377,7 @@
 						</div>
 
 						<!-- Policy section (orchestrator only, admin only) -->
-						{#if serverType === 'orchestrator' && admin}
+						{#if serverType === 'orchestrator' && !direct}
 							<div class="flex gap-2 mt-2">
 								<div class="flex flex-col w-full">
 									<div class="flex justify-between mb-0.5">
@@ -580,7 +589,7 @@
 								{$i18n.t('Advanced')}
 							</button>
 
-							{#if admin}
+							{#if !direct}
 								<button
 									class="bg-gray-50 hover:bg-gray-100 text-black dark:bg-gray-850 dark:hover:bg-gray-800 dark:text-white transition px-2 py-1 object-cover rounded-full flex gap-1 items-center mt-2"
 									type="button"
@@ -662,7 +671,7 @@
 										>
 											<option value="none">{$i18n.t('None')}</option>
 											<option value="bearer">{$i18n.t('Bearer')}</option>
-											{#if admin}
+											{#if !direct}
 												<option value="session">{$i18n.t('Session')}</option>
 												<option value="system_oauth">{$i18n.t('OAuth')}</option>
 											{/if}
diff --git a/src/lib/components/admin/Settings/Integrations.svelte b/src/lib/components/admin/Settings/Integrations.svelte
index 7c051709db..a2a4075900 100644
--- a/src/lib/components/admin/Settings/Integrations.svelte
+++ b/src/lib/components/admin/Settings/Integrations.svelte
@@ -122,7 +122,6 @@
 <AddToolServerModal bind:show={showConnectionModal} onSubmit={addConnectionHandler} />
 
 <AddTerminalServerModal
-	admin
 	bind:show={showAddTerminalModal}
 	edit={editTerminalIdx !== null}
 	connection={editTerminalIdx !== null ? terminalConnections[editTerminalIdx] : null}
diff --git a/src/lib/components/chat/Messages/Markdown/ConsecutiveDetailsGroup.svelte b/src/lib/components/chat/Messages/Markdown/ConsecutiveDetailsGroup.svelte
index 836258585c..a18a6db683 100644
--- a/src/lib/components/chat/Messages/Markdown/ConsecutiveDetailsGroup.svelte
+++ b/src/lib/components/chat/Messages/Markdown/ConsecutiveDetailsGroup.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+	import { decode } from 'html-entities';
 	import { getContext } from 'svelte';
 	import { slide } from 'svelte/transition';
 	import { quintOut } from 'svelte/easing';
@@ -9,6 +10,9 @@
 	import WrenchSolid from '$lib/components/icons/WrenchSolid.svelte';
 	import Sparkles from '$lib/components/icons/Sparkles.svelte';
 	import CheckCircle from '$lib/components/icons/CheckCircle.svelte';
+	import FullHeightIframe from '$lib/components/common/FullHeightIframe.svelte';
+
+	import { settings } from '$lib/stores';
 
 	const i18n = getContext('i18n');
 
@@ -20,6 +24,8 @@
 			name?: string;
 			done?: string;
 			duration?: string;
+			embeds?: string;
+			arguments?: string;
 		};
 	}> = [];
 
@@ -27,6 +33,14 @@
 
 	let open = false;
 
+	function parseJSONString(str: string) {
+		try {
+			return parseJSONString(JSON.parse(str));
+		} catch (e) {
+			return str;
+		}
+	}
+
 	$: toolCallCount = tokens.filter((t) => t?.attributes?.type === 'tool_calls').length;
 	$: reasoningCount = tokens.filter((t) => t?.attributes?.type === 'reasoning').length;
 	$: hasPending =
@@ -35,6 +49,28 @@
 
 	$: codeInterpreterCount = tokens.filter((t) => t?.attributes?.type === 'code_interpreter').length;
 
+	// Collect all embeds from tool_calls tokens
+	$: allEmbeds = (() => {
+		const result: Array<{ name: string; embed: string; args: string }> = [];
+		for (const t of tokens) {
+			if (t?.attributes?.type !== 'tool_calls') continue;
+			const raw = decode(t.attributes?.embeds ?? '');
+			try {
+				const parsed = parseJSONString(raw);
+				if (Array.isArray(parsed) && parsed.length > 0) {
+					for (const embed of parsed) {
+						result.push({
+							name: t.attributes?.name ?? '',
+							embed,
+							args: decode(t.attributes?.arguments ?? '')
+						});
+					}
+				}
+			} catch {}
+		}
+		return result;
+	})();
+
 	$: summaryText = (() => {
 		const parts = [];
 
@@ -124,4 +160,19 @@
 			</div>
 		</div>
 	{/if}
+
+	{#if allEmbeds.length > 0}
+		{#each allEmbeds as embedItem, idx}
+			<div id={`${id}-embed-${idx}`}>
+				<FullHeightIframe
+					src={embedItem.embed}
+					args={embedItem.args}
+					allowScripts={true}
+					allowForms={$settings?.iframeSandboxAllowForms ?? false}
+					allowSameOrigin={$settings?.iframeSandboxAllowSameOrigin ?? false}
+					allowPopups={true}
+				/>
+			</div>
+		{/each}
+	{/if}
 </div>
diff --git a/src/lib/components/chat/Messages/Markdown/MarkdownTokens.svelte b/src/lib/components/chat/Messages/Markdown/MarkdownTokens.svelte
index a2bf7df8a1..0bd15fc2e5 100644
--- a/src/lib/components/chat/Messages/Markdown/MarkdownTokens.svelte
+++ b/src/lib/components/chat/Messages/Markdown/MarkdownTokens.svelte
@@ -380,6 +380,7 @@
 						<ToolCallDisplay
 							id={`${id}-${tokenIdx}-${detailIdx}-tc`}
 							attributes={detailToken.attributes}
+							grouped={true}
 							open={false}
 							className="w-full space-y-1"
 						/>
diff --git a/src/lib/components/chat/Settings/Integrations/Terminals.svelte b/src/lib/components/chat/Settings/Integrations/Terminals.svelte
index 8c637d8b2a..423fc79561 100644
--- a/src/lib/components/chat/Settings/Integrations/Terminals.svelte
+++ b/src/lib/components/chat/Settings/Integrations/Terminals.svelte
@@ -38,7 +38,7 @@
 	};
 </script>
 
-<AddTerminalServerModal bind:show={showAddModal} onSubmit={(server) => addServer(server)} />
+<AddTerminalServerModal direct bind:show={showAddModal} onSubmit={(server) => addServer(server)} />
 
 <div>
 	<div class="flex justify-between items-center mb-1">
diff --git a/src/lib/components/chat/Settings/Integrations/Terminals/Connection.svelte b/src/lib/components/chat/Settings/Integrations/Terminals/Connection.svelte
index 1be15783af..4f23bf94d5 100644
--- a/src/lib/components/chat/Settings/Integrations/Terminals/Connection.svelte
+++ b/src/lib/components/chat/Settings/Integrations/Terminals/Connection.svelte
@@ -20,6 +20,7 @@
 </script>
 
 <AddTerminalServerModal
+	direct
 	edit
 	bind:show={showConfigModal}
 	{connection}
diff --git a/src/lib/components/common/ToolCallDisplay.svelte b/src/lib/components/common/ToolCallDisplay.svelte
index 2d9a3eb813..e1c5a3bfb4 100644
--- a/src/lib/components/common/ToolCallDisplay.svelte
+++ b/src/lib/components/common/ToolCallDisplay.svelte
@@ -31,6 +31,7 @@
 	} = {};
 
 	export let open = false;
+	export let grouped = false;
 	export let className = '';
 
 	const RESULT_PREVIEW_LIMIT = 10000;
@@ -87,7 +88,7 @@
 </script>
 
 <div {id} class={className}>
-	{#if embeds && Array.isArray(embeds) && embeds.length > 0}
+	{#if !grouped && embeds && Array.isArray(embeds) && embeds.length > 0}
 		<!-- Embed Mode: Show iframes without collapsible behavior -->
 		<div class="py-1 w-full cursor-pointer">
 			<div class="w-full text-xs text-gray-500">
diff --git a/src/lib/i18n/locales/zh-CN/translation.json b/src/lib/i18n/locales/zh-CN/translation.json
index 769163bd5d..207b0a995d 100644
--- a/src/lib/i18n/locales/zh-CN/translation.json
+++ b/src/lib/i18n/locales/zh-CN/translation.json
@@ -11,13 +11,13 @@
 	"{{ models }}": "{{ models }}",
 	"{{COUNT}} Available Tools": "{{COUNT}} 个可用工具",
 	"{{COUNT}} characters": "{{COUNT}} 个字符",
-	"{{COUNT}} extracted lines": "已提取 {{COUNT}} 行",
+	"{{COUNT}} extracted lines": "已提取 {{COUNT}} 行文本",
 	"{{COUNT}} files": "{{COUNT}} 个文件",
-	"{{COUNT}} hidden lines": "{{COUNT}} 行被隐藏",
+	"{{COUNT}} hidden lines": "已隐藏 {{COUNT}} 行代码",
 	"{{COUNT}} members": "{{COUNT}} 位成员",
 	"{{COUNT}} Replies": "{{COUNT}} 条回复",
 	"{{COUNT}} Rows": "{{COUNT}} 行",
-	"{{count}} selected_other": "",
+	"{{count}} selected_other": "已选择 {{count}} 项",
 	"{{COUNT}} Sources": "{{COUNT}} 个引用来源",
 	"{{COUNT}} words": "{{COUNT}} 个字",
 	"{{COUNT}}d_time_ago": "{{COUNT}}天前",
@@ -35,7 +35,7 @@
 	"1 Source": "1 个引用来源",
 	"1m_time_ago": "刚刚",
 	"A collaboration channel where people join as members": "成员可加入的协作频道",
-	"A discussion channel where access is controlled by groups and permissions": "由权限组控制的讨论频道",
+	"A discussion channel where access is controlled by groups and permissions": "由用户组控制的讨论频道",
 	"A new version (v{{LATEST_VERSION}}) is now available.": "新版本（v{{LATEST_VERSION}}）现已发布",
 	"A private conversation between you and selected users": "您与选定用户之间的私人对话",
 	"A task model is used when performing tasks such as generating titles for chats and web search queries": "任务模型用于执行生成对话标题和联网搜索查询等任务",
@@ -65,7 +65,7 @@
 	"Add a tag": "添加标签",
 	"Add a tag...": "添加标签...",
 	"Add Access": "添加访问",
-	"Add Arena Model": "添加竞技场模型",
+	"Add Arena Model": "添加盲测模型",
 	"Add Connection": "添加连接",
 	"Add Content": "添加内容",
 	"Add content here": "在此添加内容",
@@ -87,7 +87,7 @@
 	"Add text content": "添加文本内容",
 	"Add to favorites": "添加到收藏",
 	"Add User": "添加用户",
-	"Add User Group": "添加权限组",
+	"Add User Group": "添加用户组",
 	"Add webpage": "添加网页",
 	"Add your Open Terminal URL and API key in Settings → Integrations.": "请到“设置 → 集成”中配置 Open Terminal 的地址和密钥。",
 	"Additional Config": "额外配置项",
@@ -136,7 +136,7 @@
 	"Allow File Upload": "允许上传文件",
 	"Allow Multiple Models in Chat": "允许在对话中使用多个模型",
 	"Allow non-local voices": "允许调用非本土音色",
-	"Allow public write access": "",
+	"Allow public write access": "允许公开写入",
 	"Allow Rate Response": "允许对回答进行评价",
 	"Allow Regenerate Response": "允许重新生成回答",
 	"Allow Sharing With Users": "允许分享给其他用户",
@@ -192,13 +192,13 @@
 	"Are you sure you want to delete \"{{NAME}}\"?": "您确认要删除“{{NAME}}”吗？",
 	"Are you sure you want to delete all chats? This action cannot be undone.": "您确认要删除所有对话吗？此操作无法撤销。",
 	"Are you sure you want to delete this channel?": "您确认要删除此频道吗？",
-	"Are you sure you want to delete this connection? This action cannot be undone.": "",
-	"Are you sure you want to delete this memory? This action cannot be undone.": "",
+	"Are you sure you want to delete this connection? This action cannot be undone.": "确定要删除此连接吗？此操作无法撤销。",
+	"Are you sure you want to delete this memory? This action cannot be undone.": "确定要删除这条记忆吗？此操作无法撤销。",
 	"Are you sure you want to delete this message?": "您确认要删除此消息吗？",
 	"Are you sure you want to delete this version? Child versions will be relinked to this version's parent.": "您确认要删除此版本吗？其子版本将重新链接到该版本的上一级。",
 	"Are you sure you want to delete this?": "确定要删除吗？",
 	"Are you sure you want to unarchive all archived chats?": "您确认要取消所有已归档的对话吗？",
-	"Arena Models": "启用竞技场匿名评价模型",
+	"Arena Models": "模型盲测",
 	"Artifacts": "产物",
 	"Asc": "升序",
 	"Ask": "提问",
@@ -344,10 +344,10 @@
 	"Click here to upload a workflow.json file.": "点击此处上传 workflow.json 文件",
 	"click here.": "点击此处",
 	"Click on the user role button to change a user's role.": "点击用户角色按钮以更改用户的角色",
-	"Click to connect": "",
-	"Click to copy ID": "点击复制 ID",
-	"Client ID": "",
-	"Client Secret": "",
+	"Click to connect": "点击以连接",
+	"Click to copy ID": "点击以复制 ID",
+	"Client ID": "客户端 ID",
+	"Client Secret": "客户端密钥",
 	"Clipboard write permission denied. Please check your browser settings to grant the necessary access.": "写入剪贴板时被拒绝。请检查浏览器设置，授予必要权限。",
 	"Clone": "复制",
 	"Clone Chat": "克隆对话",
@@ -403,7 +403,7 @@
 	"Configure": "配置",
 	"Confirm": "确认",
 	"Confirm Password": "确认密码",
-	"Confirm Prompt from Embed": "",
+	"Confirm Prompt from Embed": "确认嵌入提示词",
 	"Confirm your action": "确认要继续吗？",
 	"Confirm your new password": "确认新密码",
 	"Confirm Your Password": "确认您的密码",
@@ -412,7 +412,7 @@
 	"Connect to Open Terminal instances. All users will have access to file browsing and terminal tools through these servers.": "连接到 Open Terminal 实例后，所有用户将可以浏览服务器上的文件，并使用终端工具。",
 	"Connect to your own OpenAI compatible API endpoints.": "连接到符合 OpenAI 接口格式的接口",
 	"Connect to your own OpenAPI compatible external tool servers.": "连接到符合 OpenAPI 规范的外部工具服务器",
-	"Connected ({{type}})": "",
+	"Connected ({{type}})": "已连接（{{type}}）",
 	"Connection failed": "连接失败",
 	"Connection successful": "连接成功",
 	"Connection Type": "连接类型",
@@ -455,7 +455,7 @@
 	"Could not read file.": "读取文件失败。",
 	"Count": "数量",
 	"Count must be between 1 and 1000": "数量必须介于1到100",
-	"CPU": "",
+	"CPU": "CPU",
 	"Create": "创建",
 	"Create a knowledge base": "创建知识库",
 	"Create a model": "创建模型",
@@ -518,7 +518,7 @@
 	"Default Encoding Model": "默认计算模型",
 	"Default Features": "默认功能",
 	"Default Filters": "默认过滤器",
-	"Default Group": "默认权限组",
+	"Default Group": "默认用户组",
 	"Default mode works with a wider range of models by calling tools once before execution. Native mode leverages the model's built-in tool-calling capabilities, but requires the model to inherently support this feature.": "“默认”模式会在请求模型前调用工具，因此能兼容更多模型。“原生”模式则依赖模型本身的工具调用能力，但需要模型本身支持该功能。",
 	"Default Model": "默认模型",
 	"Default model updated": "默认模型已更新",
@@ -544,7 +544,7 @@
 	"Delete folder?": "要删除此分组吗？",
 	"Delete function?": "要删除此函数吗？",
 	"Delete Logs": "删除日志",
-	"Delete Memory?": "",
+	"Delete Memory?": "要删除这条记忆吗？",
 	"Delete Message": "删除消息",
 	"Delete message?": "要删除此消息吗？",
 	"Delete Model": "删除模型",
@@ -558,7 +558,7 @@
 	"Deleted": "删除成功",
 	"Deleted {{deleteModelTag}}": "已删除 {{deleteModelTag}}",
 	"Deleted {{name}}": "已删除 {{name}}",
-	"Deleted {{ok}} of {{total}} items": "",
+	"Deleted {{ok}} of {{total}} items": "已删除 {{total}} 项中的 {{ok}} 项",
 	"Deleted User": "已删除用户",
 	"Deployment names are required for Azure OpenAI": "Azure OpenAI 需要部署名称",
 	"Desc": "降序",
@@ -567,7 +567,7 @@
 	"Describe what changed...": "描述变更内容…",
 	"Describe your knowledge base and objectives": "描述您的知识库和目标",
 	"Description": "描述",
-	"Deselect": "",
+	"Deselect": "取消选中",
 	"Detect Artifacts Automatically": "自动检测对话产物",
 	"Dictate": "语音输入",
 	"Didn't fully follow instructions": "没有完全遵循指令",
@@ -592,7 +592,7 @@
 	"Discover, download, and explore custom prompts": "发现、下载并探索更多自定义提示词",
 	"Discover, download, and explore custom tools": "发现、下载并探索更多自定义工具",
 	"Discover, download, and explore model presets": "发现、下载并探索更多模型预设",
-	"Discussion channel where access is based on groups and permissions": "由权限组控制的讨论频道",
+	"Discussion channel where access is based on groups and permissions": "由用户组控制的讨论频道",
 	"Display": "显示",
 	"Display chat title in tab": "在浏览器标签页中显示对话标题",
 	"Display Emoji in Call": "在通话中显示 Emoji",
@@ -628,7 +628,7 @@
 	"Download canceled": "下载已取消",
 	"Download Database": "下载数据库",
 	"Downloading stats...": "正在下载统计数据...",
-	"Draw": "平局",
+	"Draw": "持平",
 	"Drop any files here to upload": "拖拽文件至此上传",
 	"Drop files here": "请将文件拖到此处",
 	"Drop files here to upload": "将文件拖到此处即可上传",
@@ -657,7 +657,7 @@
 	"e.g., en-US,ja-JP (leave blank for auto-detect)": "例如：en-US,ja-JP（留空则自动检测）",
 	"e.g., westus (leave blank for eastus)": "例如：westus（留空则默认为 eastus）",
 	"Edit": "编辑",
-	"Edit Arena Model": "编辑竞技场模型",
+	"Edit Arena Model": "编辑盲测模型",
 	"Edit Channel": "编辑频道",
 	"Edit Connection": "编辑连接",
 	"Edit Default Permissions": "编辑默认权限",
@@ -833,12 +833,12 @@
 	"Enter your new password": "输入您的新密码",
 	"Enter Your Password": "输入您的密码",
 	"Enter your redemption code": "输入兑换码",
-	"Enter Your Role": "输入您的权限组",
+	"Enter Your Role": "输入您的用户组",
 	"Enter Your Username": "输入您的用户名",
 	"Enter your webhook URL": "输入您的 Webhook 链接",
 	"Entra ID": "Entra ID",
-	"Environment Variables": "",
-	"Ephemeral": "",
+	"Environment Variables": "环境变量",
+	"Ephemeral": "临时",
 	"Error": "错误",
 	"ERROR": "错误",
 	"Error accessing directory": "访问目录时出错",
@@ -849,7 +849,7 @@
 	"Error uploading file: {{error}}": "上传文件时出错：{{error}}",
 	"Error: A model with the ID '{{modelId}}' already exists. Please select a different ID to proceed.": "错误：ID 为“{{modelId}}”的模型已存在。请选择不同的模型 ID。",
 	"Error: Model ID cannot be empty. Please enter a valid ID to proceed.": "错误：模型 ID 不能为空。请输入有效的模型 ID。",
-	"Evaluations": "竞技场评估",
+	"Evaluations": "模型评价",
 	"Exa API Key": "Exa 接口密钥",
 	"Example: (&(objectClass=inetOrgPerson)(uid=%s))": "例如：(&(objectClass=inetOrgPerson)(uid=%s))",
 	"Example: ALL": "例如：ALL",
@@ -869,8 +869,8 @@
 	"Expired At": "过期时间",
 	"Explain": "解释",
 	"Explore the cosmos": "探索星辰",
-	"Explored": "",
-	"Exploring": "",
+	"Explored": "已分析",
+	"Exploring": "分析中",
 	"Export": "导出",
 	"Export All Archived Chats": "导出所有已存档对话",
 	"Export All Chats (All Users)": "导出所有用户对话",
@@ -928,7 +928,7 @@
 	"Failed to save connections": "保存连接失败",
 	"Failed to save conversation": "保存对话失败",
 	"Failed to save models configuration": "保存模型配置失败",
-	"Failed to save policy: {{error}}": "",
+	"Failed to save policy: {{error}}": "保存策略失败：{{error}}",
 	"Failed to save terminal servers": "终端服务器保存失败",
 	"Failed to unshare chat.": "取消对话分享失败。",
 	"Failed to update settings": "更新设置失败",
@@ -945,7 +945,7 @@
 	"Feedback History": "历史反馈",
 	"Feel free to add specific details": "欢迎补充具体细节",
 	"Female": "女性",
-	"Fetch URL Content Length Limit": "",
+	"Fetch URL Content Length Limit": "URL 抓取内容长度上限",
 	"File": "文件",
 	"File added successfully.": "文件成功添加",
 	"File attached to chat": "文件已被添加到对话中",
@@ -1003,7 +1003,7 @@
 	"Format Lines": "行内容格式化",
 	"Format the lines in the output. Defaults to False. If set to True, the lines will be formatted to detect inline math and styles.": "对输出中的文本行进行格式处理。默认为 False。设置为 True 时，会对所有文本行的内容进行格式化，检测并识别行内的数学公式和样式。",
 	"Formatting may be inconsistent from source.": "格式可能会与原始文件不完全一致。",
-	"Forward": "",
+	"Forward": "前进",
 	"Forwards system user OAuth access token to authenticate": "转发用户的 OAuth 访问令牌（Access Token）以进行身份验证",
 	"Forwards system user session credentials to authenticate": "转发用户的会话凭证（Session Credentials）以进行身份验证",
 	"Full Context Mode": "完整上下文模式",
@@ -1052,13 +1052,13 @@
 	"Grid": "网格",
 	"Grokipedia": "Grokipedia",
 	"Group Channel": "群组频道",
-	"Group created successfully": "权限组创建成功",
-	"Group deleted successfully": "权限组删除成功",
-	"Group Description": "权限组描述",
-	"Group Name": "权限组名称",
-	"Group updated successfully": "权限组更新成功",
-	"groups": "权限组",
-	"Groups": "权限组",
+	"Group created successfully": "用户组创建成功",
+	"Group deleted successfully": "用户组删除成功",
+	"Group Description": "用户组描述",
+	"Group Name": "用户组名称",
+	"Group updated successfully": "用户组更新成功",
+	"groups": "用户组",
+	"Groups": "用户组",
 	"H1": "一级标题",
 	"H2": "二级标题",
 	"H3": "三级标题",
@@ -1092,7 +1092,7 @@
 	"ID": "ID",
 	"ID cannot contain \":\" or \"|\" characters": "ID 中不允许包含 “:” 或 “|” 字符",
 	"ID copied to clipboard": "已复制 ID 到剪贴板",
-	"Idle Timeout": "",
+	"Idle Timeout": "无操作超时时间",
 	"If empty, will use username as the from address": "如果留空，则会使用用户名作为发件人地址",
 	"If there is no Usage returned, and the model cannot be matched, then use the tiktoken encoder of this model to calculate the Token": "如果没有返回 Usage，并且模型无法匹配上，则使用这个模型的 tiktoken encoder 来计算 Token",
 	"iframe Sandbox Allow Forms": "iframe 沙盒允许表单提交",
@@ -1245,7 +1245,7 @@
 	"Local Task Model": "本地任务模型",
 	"Location access not allowed": "不允许访问位置信息",
 	"Long Context Configuration": "长上下文配置",
-	"Lost": "落败",
+	"Lost": "较差",
 	"Low": "低",
 	"LTR": "从左至右",
 	"Made by Open WebUI Community": "由 Open WebUI 社区开发",
@@ -1269,7 +1269,7 @@
 	"Max Speakers": "最大扬声器数量",
 	"Max Upload Count": "最大上传数量",
 	"Max Upload Size": "最大上传大小",
-	"Maximum characters to return from fetched URLs. Leave empty for no limit.": "",
+	"Maximum characters to return from fetched URLs. Leave empty for no limit.": "从 URL 抓取内容时返回的最大字符数。留空表示不限制。",
 	"Maximum number of files allowed per folder.": "每个分组允许的最大文件数量。",
 	"Maximum number of files per folder is {{max}}.": "每个分组允许的最大文件数量为 {{max}}。",
 	"Maximum of 3 models can be downloaded simultaneously. Please try again later.": "最多可同时下载 3 个模型，请稍后重试。",
@@ -1301,7 +1301,7 @@
 	"Microsoft OneDrive": "Microsoft OneDrive",
 	"Microsoft OneDrive (personal)": "Microsoft OneDrive（个人账户）",
 	"Microsoft OneDrive (work/school)": "Microsoft OneDrive（工作或学校账户）",
-	"min": "",
+	"min": "分钟",
 	"MinerU": "MinerU",
 	"MinerU API Key required for Cloud API mode.": "使用 MinerU 云服务模式需要接口密钥。",
 	"Minimum Cost Per Request": "单次请求最低消费",
@@ -1373,7 +1373,7 @@
 	"New File": "新建文件",
 	"New Folder": "创建分组",
 	"New Function": "新函数",
-	"New Group": "新建权限组",
+	"New Group": "新建用户组",
 	"New Knowledge": "创建知识库",
 	"New Model": "创建模型",
 	"New Note": "创建笔记",
@@ -1408,14 +1408,14 @@
 	"No files in this knowledge base.": "此知识库中没有文件。",
 	"No files yet. Upload files or run Python code to create them.": "暂无文件。请上传文件或运行 Python 代码以创建文件。",
 	"No functions found": "未找到函数",
-	"No groups found": "暂无权限组",
+	"No groups found": "暂无用户组",
 	"No history available": "暂无历史记录",
 	"No HTML, CSS, or JavaScript content found.": "未找到 HTML、CSS 或 JavaScript 内容。",
 	"No inference engine with management support found": "未找到支持管理的推理引擎",
 	"No kernel": "未找到内核",
 	"No knowledge bases found.": "未找到知识库",
 	"No knowledge found": "未找到知识",
-	"No limit": "",
+	"No limit": "无限制",
 	"No Log": "暂无日志",
 	"No memories to clear": "记忆为空，无须清理",
 	"No model IDs": "没有模型 ID",
@@ -1462,7 +1462,7 @@
 	"Number of redemption codes": "兑换码数量",
 	"OAuth": "OAuth",
 	"OAuth 2.1": "OAuth 2.1",
-	"OAuth 2.1 (Static)": "",
+	"OAuth 2.1 (Static)": "OAuth 2.1（静态）",
 	"OAuth ID": "OAuth ID",
 	"October": "十月",
 	"Off": "关闭",
@@ -1493,7 +1493,7 @@
 	"Open Delete Log Modal": "打开删除日志弹窗",
 	"Open file": "打开文件",
 	"Open in full screen": "全屏打开",
-	"Open in new tab": "",
+	"Open in new tab": "在新标签页中打开",
 	"Open link": "打开链接",
 	"Open modal to configure connection": "打开外部连接配置弹窗",
 	"Open Modal To Manage Floating Quick Actions": "管理快捷操作浮窗",
@@ -1557,7 +1557,7 @@
 	"Perplexity Model": "Perplexity 模型",
 	"Perplexity Search API URL": "Perplexity 搜索接口地址",
 	"Perplexity Search Context Usage": "Perplexity 搜索上下文用量",
-	"Persistent": "",
+	"Persistent": "持久化",
 	"Personalization": "个性化",
 	"Pin": "置顶",
 	"Pinned": "已置顶",
@@ -1578,7 +1578,7 @@
 	"Playwright WebSocket URL": "Playwright WebSocket 地址",
 	"Please carefully review the following warnings:": "请仔细阅读以下警告信息：",
 	"Please check your email inbox for the activation link.": "请检查你的邮箱收件箱，查找激活链接。",
-	"Please connect all required integrations before sending a message": "",
+	"Please connect all required integrations before sending a message": "发送消息前，请先连接所有必需服务",
 	"Please do not close the settings page while loading the model.": "加载模型时请不要关闭设置页面",
 	"Please enter a keyword to export": "请输入主题或兑换码后再尝试导出",
 	"Please enter a message or attach a file.": "请输入内容或添加文件。",
@@ -1589,7 +1589,7 @@
 	"Please enter a valid redemption code": "请输入有效的兑换码",
 	"Please enter a valid URL": "请输入有效的地址",
 	"Please enter a valid URL.": "请输入有效的地址。",
-	"Please enter Client ID and Client Secret": "",
+	"Please enter Client ID and Client Secret": "请输入客户端 ID 和客户端密钥",
 	"Please fill in all fields.": "请填写所有字段。",
 	"Please input amount": "请输入数量",
 	"Please refresh after payment": "支付后请手动刷新",
@@ -1602,7 +1602,7 @@
 	"Please select at least one user for Direct Message channel.": "请至少选择一个用户以创建私聊频道。",
 	"Please use a private key in PKCS#1 format. You can convert it using a format-conversion tool.": "请使用 PKCS1 格式的密钥，新生成的密钥需要通过工具转换",
 	"Please wait until all files are uploaded.": "请等待所有文件上传完毕。",
-	"Policy ID": "",
+	"Policy ID": "策略 ID",
 	"Port": "端口",
 	"Ports": "端口",
 	"Positive attitude": "态度积极",
@@ -1648,8 +1648,8 @@
 	"Querying": "查询中",
 	"Quick Actions": "快捷操作",
 	"RAG Template": "RAG 提示词模板",
-	"Ran {{COUNT}} analyses": "",
-	"Ran {{COUNT}} analysis": "",
+	"Ran {{COUNT}} analyses": "已完成 {{COUNT}} 次分析",
+	"Ran {{COUNT}} analysis": "已完成 {{COUNT}} 次分析",
 	"Rate {{rating}} out of 10": "评分：{{rating}}/10",
 	"Rating": "评价",
 	"Re-rank models by topic similarity": "根据主题相似性对模型重新排名",
@@ -1704,7 +1704,7 @@
 	"Remove image": "移除图像",
 	"Remove Model": "移除模型",
 	"Rename": "重命名",
-	"Renamed to {{name}}": "",
+	"Renamed to {{name}}": "已重命名为 {{name}}",
 	"Render Markdown in Previews": "在文件和引用预览中渲染 Markdown",
 	"Reorder Models": "重新排序模型",
 	"Reply": "回复",
@@ -1769,10 +1769,10 @@
 	"search for shared chats": "搜索已共享的对话",
 	"search for tags": "搜索标签",
 	"Search Functions": "搜索函数",
-	"Search Groups": "搜索权限组",
+	"Search Groups": "搜索用户组",
 	"Search In Models": "搜索模型",
 	"Search Knowledge": "搜索知识",
-	"Search Memories": "",
+	"Search Memories": "搜索记忆",
 	"Search Models": "搜索模型",
 	"Search Notes": "搜索笔记",
 	"Search options": "搜索选项",
@@ -1803,7 +1803,7 @@
 	"Select a conversation to preview": "选择对话进行预览",
 	"Select a engine": "选择搜索引擎",
 	"Select a function": "选择函数",
-	"Select a group": "选择权限组",
+	"Select a group": "选择用户组",
 	"Select a language": "选择语言",
 	"Select a mode": "选择模式",
 	"Select a model": "选择模型",
@@ -1815,7 +1815,7 @@
 	"Select a theme": "选择主题",
 	"Select a tool": "选择工具",
 	"Select a voice": "选择声音",
-	"Select All": "",
+	"Select All": "全选",
 	"Select an auth method": "选择身份验证方式",
 	"Select an embedding model engine": "选择嵌入模型引擎",
 	"Select an engine": "选择引擎",
@@ -1844,7 +1844,7 @@
 	"Serper API Key": "Serper 接口密钥",
 	"Serply API Key": "Serply 接口密钥",
 	"Serpstack API Key": "Serpstack 接口密钥",
-	"Server connection failed": "",
+	"Server connection failed": "服务器连接失败",
 	"Server connection verified": "已验证服务器连接",
 	"Session": "用户会话（Session）",
 	"Set as default": "设为默认",
@@ -1952,7 +1952,7 @@
 	"Stop Download": "停止下载",
 	"Stop Generating": "停止生成",
 	"Stop Sequence": "停止序列 (Stop Sequence)",
-	"Storage": "",
+	"Storage": "存储",
 	"Stream Chat Response": "流式对话响应 (Stream Chat Response)",
 	"Stream Delta Chunk Size": "流式增量输出的分块大小（Stream Delta Chunk Size）",
 	"Streamable HTTP": "流式 HTTP",
@@ -2060,7 +2060,7 @@
 	"This will delete all models including custom models and cannot be undone.": "这将删除所有模型，包括自定义模型，且无法撤销。",
 	"This will reset the knowledge base and sync all files. Do you wish to continue?": "这将重置知识库并同步所有文件。确认继续？",
 	"Thorough explanation": "解释详尽",
-	"Thought": "",
+	"Thought": "思考过程",
 	"Thought for {{DURATION}}": "思考用时 {{DURATION}}",
 	"Thought for {{DURATION}} seconds": "思考用时 {{DURATION}} 秒",
 	"Thought for less than a second": "思考用时小于 1 秒",
@@ -2090,7 +2090,7 @@
 	"Today at {{LOCALIZED_TIME}}": "今天 {{LOCALIZED_TIME}}",
 	"Toggle {{COUNT}} sources": "展开/收起 {{COUNT}} 个来源",
 	"Toggle 1 source": "展开/收起 1 个来源",
-	"Toggle details": "",
+	"Toggle details": "展开/收起详情",
 	"Toggle Dictation": "切换为听写模式",
 	"Toggle Sidebar": "展开或收起侧边栏",
 	"Toggle status history": "展开/收起历史状态",
@@ -2185,7 +2185,7 @@
 	"Use '#' in the prompt input to load and include your knowledge.": "在输入框中输入 '#' 号可加载您需要的知识库内容",
 	"Use /v1/chat/completions endpoint instead of /v1/audio/transcriptions for potentially better accuracy.": "使用 /v1/chat/completions 接口替换 /v1/audio/transcriptions 以提高准确性。",
 	"Use Chat Completions API": "使用 Chat Completions 接口",
-	"Use groups to organize your users and assign permissions.": "使用权限组来管理用户并分配权限。",
+	"Use groups to organize your users and assign permissions.": "使用用户组来管理用户并分配权限。",
 	"Use LLM": "使用大语言模型（LLM）",
 	"Use no proxy to fetch page contents.": "不使用代理获取页面内容",
 	"Use proxy designated by http_proxy and https_proxy environment variables to fetch page contents.": "使用由 http_proxy 和 https_proxy 环境变量指定的代理获取页面内容",
@@ -2211,7 +2211,7 @@
 	"Uses OAuth 2.1 Dynamic Client Registration": "使用 OAuth 2.1 的动态客户端注册机制",
 	"Using Entire Document": "使用完整文档",
 	"Using Focused Retrieval": "使用聚焦检索",
-	"Using the default arena model with all models. Click the plus button to add custom models.": "竞技场模型默认使用所有模型。点击上方的“+”按钮以添加自定义模型",
+	"Using the default arena model with all models. Click the plus button to add custom models.": "默认会使用全部模型进行盲测。点击上方“+”可添加自定义盲测模型。",
 	"Valid time units:": "有效时间单位：",
 	"Validate certificate": "验证证书合法性",
 	"Valves": "配置项",
@@ -2272,7 +2272,7 @@
 	"Widescreen Mode": "宽屏模式",
 	"Width": "宽度",
 	"Wikipedia": "维基百科",
-	"Won": "获胜",
+	"Won": "更好",
 	"Works together with top-k. A higher value (e.g., 0.95) will lead to more diverse text, while a lower value (e.g., 0.5) will generate more focused and conservative text.": "与 top-k 配合使用。较高的值（例如 0.95）将产生更加多样化的文本，而较低的值（例如 0.5）将产生更加聚焦和保守的文本。",
 	"Workspace": "工作空间",
 	"Workspace Permissions": "工作空间权限",